Page 1 of 1
Gaining root shell access on Nighthawk M1 MR1100
Posted: Mon Aug 30, 2021 7:07 pm
by michaeljcallahan
Hello everyone!
Using a slide deck from a DefCon talk I was able to get root access to the MR1100. I wrote a guide on it and thought I would share with yall. Thanks!
https://medium.com/@michael_58691/gaini ... 69525d67d1
Re: Gaining root shell access on Nighthawk M1 MR1100
Posted: Tue Aug 31, 2021 11:13 am
by Didneywhorl
Welcome!
Awesome! This is what the hacks forum is about.
Thank you
Re: Gaining root shell access on Nighthawk M1 MR1100
Posted: Sat Sep 04, 2021 10:02 am
by Rich Hathaway
@ michaeljcallahan
There is a much easier way to get root on these devices, you do not need to reload the firmware and go thru all of that,
just use the challenge response generator that is on the web and either unlock the MEP or use the openlock command/query and then change the advance command password by AT!SETCND="[pwd]" you can make pwd anything you wish, then enable telnet on port 23
by
AT!TELEN=1
AT!CUSTOM="RDENABLE", 1
AT!CUSTOM="TELNETENABLE", 1
now telnet should be available on MR1100 via 192.168.1.1:23, you can do this in about a min or 2
Re: Gaining root shell access on Nighthawk M1 MR1100
Posted: Wed Nov 03, 2021 9:00 pm
by JonaP
I have tried entering AT!TELEN=1 on my AC797S but it is not recognizing that command, what could be the possible command as alternate for that model? Thanks
Re: Gaining root shell access on Nighthawk M1 MR1100
Posted: Thu Nov 03, 2022 2:19 pm
by Mjustiz
Hello would this enable you to make ipv6 work through the lan port?
Re: Gaining root shell access on Nighthawk M1 MR1100
Posted: Sat Nov 05, 2022 7:05 am
by w1lliam
JonaP wrote: ↑Wed Nov 03, 2021 9:00 pm
I have tried entering AT!TELEN=1 on my AC797S but it is not recognizing that command, what could be the possible command as alternate for that model? Thanks
you can try with a tool, mrCONFIG, it will do the job if that is supported.
https://tinyurl.com/mrCONFIGTools